Dan the D-Bus Analyzer

Automatic privilege evaluation of D-Bus services on a remote device.

Presented at DEF CON 26 (slide, video)

Supported Platforms

See branches of this Git repository.

tizen-wearable-2.3.2
tizen-wearable-3.0

Requirements

node.js
yarn

Usage

yarn install
yarn run all

Dan spawns a test process with no privilege on a remote device. The process recursively scans through its D-Bus tree to acquire its structure; bus names, objects, interfaces, properties, methods, and signals. The analyzer tries to gather every property of every object, and to call every method of every interface for privilege evaluation. Finally, the data is written into the files for further analysis.

db.json: A simple JSON database for the analyzer, containing the D-Bus tree structure
properties.log: A list of properties accessible from the test process
callables.log: A list of methods callable from the test process, formatted as shell commands

License

GPLv3

Name		Name	Last commit message	Last commit date
Latest commit History 66 Commits
.gitignore		.gitignore
1 - Bus Name Discovery.js		1 - Bus Name Discovery.js
2 - Object Introspection.js		2 - Object Introspection.js
3 - Method Invocation.js		3 - Method Invocation.js
4 - Prune and Print.js		4 - Prune and Print.js
GetAll.jison		GetAll.jison
README.md		README.md
common.js		common.js
db.json		db.json
icon.png		icon.png
install.sh		install.sh
package.json		package.json
yarn.lock		yarn.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Dan the D-Bus Analyzer

Supported Platforms

Requirements

Usage

License

About

Releases

Packages

Languages

kiding/dan

Folders and files

Latest commit

History

Repository files navigation

Dan the D-Bus Analyzer

Supported Platforms

Requirements

Usage

License

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages